mickmick.net

Apple Products Multiple Vulnerabilities

Release Date: 17 May 2022

RISK: Extremely High Risk

TYPE: Operating Systems - Mobile & Apps

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger information disclosure, remote code execution, security restriction bypass, elevation of privilege, denial of service and data manipulation on the targeted system.

 

Note:
CVE-2022-22675 is being exploited in the wild.

The vulnerability is related to the AppleAVD (a kernel extension for audio and video decoding). The vulnerability can exploit the AppleAVD that allows malicious apps to run arbitrary code with kernel privileges on the targeted system.

---

Impact

• Information Disclosure
• Remote Code Execution
• Elevation of Privilege
• Security Restriction Bypass
• Data Manipulation
• Denial of Service

---

System / Technologies affected

• Versions prior to Safari 15.5
• Versions prior to tvOS 15.5
• Versions prior to Xcode 13.4
• Versions prior to macOS Catalina Security Update 2022-004
• Versions prior to macOS Big Sur 11.6.6
• Versions prior to macOS Monterey 12.4
• Versions prior to iOS 15.5
• Versions prior to iPadOS 15.5
• Versions prior to watchOS 8.6

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• Safari 15.5
• tvOS 15.5
• Xcode 13.4
• macOS Catalina Security Update 2022-004
• macOS Big Sur 11.6.6
• macOS Monterey 12.4
• iOS 15.5
• iPadOS 15.5
• watchOS 8.6

---

Vulnerability Identifier

• CVE-2015-4142
• CVE-2018-25032
• CVE-2021-4136
• CVE-2021-4166
• CVE-2021-4173
• CVE-2021-4187
• CVE-2021-4192
• CVE-2021-4193
• CVE-2021-44224
• CVE-2021-44790
• CVE-2021-45444
• CVE-2021-46059
• CVE-2022-0128
• CVE-2022-0530
• CVE-2022-0778
• CVE-2022-22589
• CVE-2022-22663
• CVE-2022-22665
• CVE-2022-22673
• CVE-2022-22674
• CVE-2022-22675
• CVE-2022-22677
• CVE-2022-22719
• CVE-2022-22720
• CVE-2022-22721
• CVE-2022-23308
• CVE-2022-24765
• CVE-2022-26693
• CVE-2022-26694
• CVE-2022-26697
• CVE-2022-26698
• CVE-2022-26700
• CVE-2022-26701
• CVE-2022-26702
• CVE-2022-26703
• CVE-2022-26704
• CVE-2022-26706
• CVE-2022-26708
• CVE-2022-26709
• CVE-2022-26710
• CVE-2022-26711
• CVE-2022-26712
• CVE-2022-26714
• CVE-2022-26715
• CVE-2022-26716
• CVE-2022-26717
• CVE-2022-26718
• CVE-2022-26719
• CVE-2022-26720
• CVE-2022-26721
• CVE-2022-26722
• CVE-2022-26723
• CVE-2022-26724
• CVE-2022-26725
• CVE-2022-26726
• CVE-2022-26727
• CVE-2022-26728
• CVE-2022-26731
• CVE-2022-26736
• CVE-2022-26737
• CVE-2022-26738
• CVE-2022-26739
• CVE-2022-26740
• CVE-2022-26741
• CVE-2022-26742
• CVE-2022-26743
• CVE-2022-26744
• CVE-2022-26745
• CVE-2022-26746
• CVE-2022-26747
• CVE-2022-26748
• CVE-2022-26749
• CVE-2022-26750
• CVE-2022-26751
• CVE-2022-26752
• CVE-2022-26753
• CVE-2022-26754
• CVE-2022-26755
• CVE-2022-26756
• CVE-2022-26757
• CVE-2022-26760
• CVE-2022-26761
• CVE-2022-26762
• CVE-2022-26763
• CVE-2022-26764
• CVE-2022-26765
• CVE-2022-26766
• CVE-2022-26767
• CVE-2022-26768
• CVE-2022-26769
• CVE-2022-26770
• CVE-2022-26771
• CVE-2022-26772
• CVE-2022-26775
• CVE-2022-26776

---

Source

• Apple

---

Related Link

• https://support.apple.com/kb/HT213260
• https://support.apple.com/kb/HT213254
• https://support.apple.com/kb/HT213261
• https://support.apple.com/kb/HT213255
• https://support.apple.com/kb/HT213256
• https://support.apple.com/kb/HT213257
• https://support.apple.com/kb/HT213258
• https://support.apple.com/kb/HT213253